Remarks and Arguments 

Claims 1-22 have been presented for examination. Claims 2, 4, 6, 12, 14, 16-21 
have been amended. Claims 1, 3, 13 and 15 have been canceled. 

Claims 13 and 20 have been objected to because a semi-colon follows the word 
"comprising" rather than a colon. Claim 13 has been canceled, thereby rendering the 
objection moot. In claim 20, the semi-colon has been replaced with a colon. 

Claims 1-22 have been rejected under 36 U.S.C. §1 02(e) as anticipated by U.S. 
Patent No. 6,105,027 (Schneider.) The examiner comments that the Schneider 
reference discloses all of the claimed limitations. 

In accordance with the principles of the invention, a method and system is 
disclosed for evaluating a set of credentials. Within any given certification path formed 
by the set of credentials, such as identity certificates, group membership certificates, 
group non-membership certificates and group membership lists, a composite trust rating 
for the respective path is determined as the lowest trust rating of any credential in the 
relevant path. In the event, plural certification paths exist within the set of credentials, 
the composite trust level for each certification path is established as described above 
and an overall trust rating is determined to be the highest composite trust rating among 
the various certification paths. 

The Schneider reference discloses scalable access filters that can be used to 
implement security in a VPN. The filters are arranged so that they will intercept a 
request for service in any path through the VPN that the request can take. When a user 
requests a service or resource via a VPN path, the first access filter that the request 
encounters along that path determines whether access to the service or resource will be 
granted based on access policies that are assigned to the user and the level of trust of 
the user identification mode and the VPN path. Once a user has been identified and 
access granted, the access filter encrypts the request and forwards it to the next access 
filter in the path. However, this access filter and any further access filters merely 
forward the encrypted request and do not repeatedly check whether access should be 
granted. 

The Schneider reference does not contemplate checking trust levels in a system 
with multiple paths. Schneider only checks the trust level in the path that the request 
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actually takes. Thus, Schneider repeatedly discusses the path. For example, see 
Schneider column 9, 28-40. In rejecting claim 4, the examiner cites Schneider column 
9, lines 3-60 and column 20, lines 42-47, as illustrating a multi-path system in which the 
trust level of each path is determined to be the trust level of the lowest trust level of any 
portion of the path and the trust rating of the entire multi-path system is set to be the 
trust level of the path with the highest trust level. 

However, Schneider , column 9, lines 3-60 describes how the trust level of the 
path is determined by considering the trust level of the identification technique and the 
trust level of the path portions separately. The Schneider specification indicates that, if 
the trust level of a portion of the path is below that trust level required by the resource, 
then the portion trust level can be increased by encrypting the information as it passes 
over that portion thereby effectively increasing the level of that portion. However, only a 
single path and portions of that path are discussed (lines 28-40). Schneider column 20, 
lines 42-47 discloses the same mechanism for increasing the trust level of a portion of 
the path with encryption. 

Schneider does not disclose or suggest selecting a path with the highest trust 
level in a multi-path system. Thus, Schneider does not disclose "assigning a trust rating 
equal to the highest trust rating of the third trust ratings (each third trust rating 
corresponds to the trust rating of one of the paths in a multi-path system. 

Claim 4 has been amended to place it in independent form incorporating the 
limitations of claim 1 (now canceled). Claim 4 now recites, in the event that the set of 
credentials forms a plurality of certification paths having at least one credential in each 
of the paths, determining for each of said plurality of certification paths a third trust 
rating equal to the lowest trust rating in the credentials of the respective certification 
path and determining a second trust rating for the set of credentials by assigning the 
second trust rating equal to the highest trust rating of the third trust ratings. As 
mentioned, Schneider does not disclose or suggest this combination because 
Schneider discusses determining the trust level of a single path. Consequently, 
amended claim 4 patentably distinguishes over the Schneider reference. 

Claims 2 and 5-12 have been amended to make them dependent, either directly 
or indirectly, on amended claim 4. Therefore, they incorporate the limitations of claim 
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4 and patentably distinguish over the Schneider reference in the same manner as 
amended claim 4. 

Claim 16 has been amended in a similar manner to claim 4 to incorporate the 
limitations of claim 13 and distinguishes over the cited Schneider reference in the 
same manner as amended claim 4. Claims 14 and 17 have been amended to make 
them dependent on amended claim 16. Therefore, they incorporate the limitations of 
claim 16 and patentably distinguish over the Schneider reference in the same manner 
as amended claim 16. 

Claims 18-20 have been amended in a similar manner to claim 4 to recite 
program code the operates in the event that the set of credentials forms a plurality of 
certification paths having at least one credential in each of the paths that determines 
for each of said plurality of certification paths a third trust rating equal to the lowest 
trust rating in the credentials of the respective certification path and that determines a 
second trust rating for the set of credentials by assigning the second trust rating equal 
to the highest trust rating of the third trust ratings. Consequently, these claims 
distinguish over the cited Schneider reference in the same manner as amended claim 
4. 

Claim 21 have been amended in a similar manner to claim 4 to recite that, in 
the event that the set of credentials forms a plurality of certification paths having at 
least one credential in each of the paths the recited method determines for each of 
said plurality of certification paths a third trust rating equal to the lowest trust rating in 
the credentials of the respective certification path and determines a second trust rating 
for the set of credentials by assigning the second trust rating equal to the highest trust 
rating of the third trust ratings. Consequently, claim 21 distinguishes over the cited 
Schneider reference in the same manner as amended claim 4. 

Claim 22 has been amended to make it dependent on amended claim 21 . 
Therefore, it incorporates the limitations of claim 21 and patentably distinguishes over 
the Schneider reference in the same manner as amended claim 21 . 

In light of the forgoing amendments and remarks, this application is now believed 
in condition for allowance and a notice of allowance is earnestly solicited. If the 
examiner has any further questions regarding this amendment, he is invited to call 
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applicants' attorney at the number listed below. The examiner is hereby authorized to 
charge any fees or direct any payment under 37 C.F.R. §§1.17, 1.16 to Deposit Account 
number 02-3038. 




Respectfully submitted 

Date: 

Paul E. Kudirka, Esq. Reg. No. 26,931 

KUDIRKA & JOBSE, LLP 

Customer Number 021 127 

Tel: (617) 367-4600 Fax: (617) 367-4656 
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